Tomorrow, to the person waiting for it, is near: the quiet revolution of financial services regulation in Qatar
Financial Services Focus
Matthew HeatonPartner, Head of Office, Head of Banking & Finance - Qatar
Muhammad MithaSenior Counsel,Banking & Finance
Tomorrow, to the person waiting for it, is near: the quiet revolution of financial services regulation in Qatar.
The MENA region, and the GCC in particular, has a growing reputation for the agility with which it is both recognising and regulating new developments in the financial services sector. Facing new products and services, challenging economic and political influences and a global move towards digitisation and artificial intelligence, regulators have been scrambling to keep pace with the rapidly-changing sector to ensure proper guard rails are in place to protect citizens whilst encouraging economic growth.
And so it has been with financial services regulations in Qatar, where there has been a fundamental step-change in the regulatory environment over the last 24 months. A series of new or revised regulations have been published with the goal to make Qatar a better and more certain place to do business, whilst at the same time emphasising the objectives of the third phase of Qatar’s National Development Strategy and the Qatar National Vision 2030.
In 2024, the Qatar Central Bank (QCB) introduced a comprehensive regulatory framework for digital banks, aiming to modernise the financial sector and enhance customer protection. The new regulations set clear guidelines for the establishment and operation of digital banks in Qatar. These banks must have a registered office in the country and adhere to strict data confidentiality and technology-related obligations. If they offer Islamic finance products, they must also comply with Sharia governance.
One of the key goals of the new regulations is to promote financial inclusion and encourage the innovative use of technology: digital banks are expected to develop products and services that cater to a broader segment of the population, including those who are currently underserved by traditional banks. Digital banks must implement robust measures to safeguard customer data and ensure the security of their transactions. The regulations also detail procedures for handling customer complaints, reporting requirements and penalties for non-compliance.
A series of new or revised regulations have been published with the goal to make Qatar a better and more certain place to do business, whilst at the same time emphasising the objectives of the third phase of Qatar’s National Development Strategy and the Qatar National Vision 2030.
Similar to the Digital Banking Regulations, the QCB introduced regulations for establishing digital insurers who wish to offer various insurance products and services through digital channels, including life and non-life insurance products. The aim of these regulations is to allow insurance companies, including traditional insurance companies to expand their reach and offer new and innovative products using moder technologies and platforms. The QCB emphasises on the use of secure and robust digital platforms capable of meeting the growing demand for technological advancement.
In September 2024 the QCB issued the Artificial Intelligence Guidelines. The guidelines emphasise the need for a well-defined AI strategy that aligns with the entity's overall risk appetite and internal policies. The board of directors and senior management are held accountable for the outcomes and decisions of AI systems, ensuring that these systems promote fair treatment, ethical standards and compliance with regulatory requirements.
The guidelines mandate a robust risk management framework to evaluate and manage risks associated with AI deployment. Entities must classify AI systems as high-risk if they have the potential to cause significant negative impacts, particularly in areas affecting consumer access to financial services, internal organisational decisions or processing sensitive personal information. Human oversight is crucial, with protocols in place to ensure that trained supervisors can monitor, interpret and intervene in the operation of high-risk AI systems. Fully autonomous AI systems, especially those classified as high-risk, require prior QCB approval and must have built-in safeguards to prevent unauthorised actions.
Entities must inform customers when they are interacting with AI systems and provide clear explanations of how AI decisions are made and their potential impact. Customers should have the option to opt-out of AI-driven services, and entities must offer mechanisms for customers to request reviews of AI decisions.
The Qatar Financial Centre (QFC) launched the Digital Asset Regulations 2024, which establish a framework for digital assets and tokenisation. The regulations establish a framework for the management and regulation of digital assets within the QFC. These regulations define the scope of application, including the criteria for permitted tokens, the transactions involving these tokens and the provision of token services.
The regulations specify the meaning of tokens, which are unique electronic data units that are cryptographically secured and represent real or personal property rights. Permitted tokens are those generated in accordance with the regulations and are not excluded tokens, such as cryptocurrencies or stablecoins used as a means of payment. The ownership of a token confers ownership of the underlying asset it represents, and the transfer of a token involves transferring control over the power to transfer the token. The regulations also outline the conditions under which tokens can be cancelled, including when the underlying asset ceases to exist or by court order. It is noteworthy that trading in bitcoins and other cryptocurrencies, including stable coins still remain prohibited in Qatar and are specifically excluded from the scope of the Digital Assets Regulations.
The regulations categorise token services into several types, including validation, token generation, token custody services, operating a token exchange and token transfer services. Entities providing these services must be licensed by the Qatar Financial Centre Authority (and by the QFCRA for services relating to investment tokens) and must ensure that no conflicts of interest arise from providing multiple services. Validation involves confirming ownership of a right and issuing a certificate of validation, while token generation involves creating tokens on behalf of the owner of the underlying asset. Token custody services include holding or controlling tokens on behalf of clients and operating a token exchange involves facilitating the buying and selling of tokens according to non-discretionary rules.
The QCB has announced the launch of its CBDC project, and the development of the infrastructure of CBDCs. The project aims to achieve a set of primary objectives, utilising various technologies including AI and DLT to enhance liquidity and encourage participation in financial market facilities. The CBDC will be issued by the QCB and is initially expected to limit issuance to wholesale participants.
In April 2024, the QCB issued guidelines for the use of cloud computing in the financial sector. These guidelines aim to protect financial data while promoting digitalisation and innovation. Financial institutions must adopt a secure, risk-based approach to cloud computing, ensuring information security and data protection.
The QCB's Data Handling and Protection Regulation sets comprehensive guidelines for the secure use, storage, and processing of data by financial institutions. Key requirements include the creation of a dedicated data governance unit, the appointment of a Data Privacy Officer, and the development of robust data governance policies. Financial institutions must also comply with the Qatar Personal Data Privacy Protection Law and other relevant laws, ensuring the protection of personal, sensitive, and financial information.
Qatar's new regulatory represents a significant step towards modernising the financial sector and ensuring it keeps abreast of its regional rivals. By promoting financial inclusion, encouraging innovation, and ensuring robust customer protection, these regulations aim to create a secure and dynamic environment for digital banking in Qatar.
For further information,please contact Matthew Heaton and Mohammad Mitha.
Published in March 2025
